Senior Manager, Technology Product Management - Technology & Cyber Governance - Remote or Hybrid in MN or DC

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.  

The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions.

The Senior Manager, Tech Product Management is responsible for leading the design, implementation, and continuous improvement of governance routines that ensure effective adherence to technology and cybersecurity standards. This role plays a critical part in shaping the enterprise technology risk profile and embedding sustainable, risk-based governance practices that drive accountability, transparency, and informed decision-making across technology organizations.

Success in this role requires not only deep audit and risk expertise but also the ability to architect governance operating models, integrate risk into business processes, and influence senior stakeholders to adopt consistent and scalable risk management practices.

The role requires ongoing engagement with policy and standard owners, executive leadership, and technology stakeholders to establish robust governance routines that translate policy requirements into measurable, enforceable, and sustainable practices.

The Senior Product Manager will collaborate with Technology and Cybersecurity teams to define risk based  thresholds for their standards that feed into escalation protocols performance metrics, and monitoring mechanisms, ensuring alignment to enterprise risk appetite and regulatory expectations.

The role also partners with suppliers, business owners, control owners, and risk teams to identify gaps, validate remediation, and assess control effectiveness, while driving improvements in governance maturity and operational resilience.

What Differentiates a High-Performing Product Manager in This Role:

• Designs governance-not just evaluates it
• Thinks in terms of systems, scalability, and sustainability rather than isolated controls
• Anticipates emerging risks and embeds them into governance early
• Uses data and automation to drive efficiency and insight
• Influences enterprise-wide behavior change and accountability
• Balances risk mitigation with business agility and innovation

You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities: 

• Define and implement a comprehensive technology and cybersecurity governance framework, including oversight routines, risk reporting structures, and escalation pathways
• Design and collaborate with Technology and Cybersecurity teams to operationalize risk governance routines that integrate into day-to-day technology processes (e.g., SDLC, cloud deployments, third-party onboarding)
• As part of governance, collaborate with Technology and Cybersecurity teams to ensure they define Key Risk Indicators (KRIs), Key Control Indicators (KCIs), and performance metrics, including thresholds aligned to risk appetite that support the GRC metrics framework
• Lead risk profiling and aggregation activities, connecting control effectiveness, threat landscape, and business impact into a clear enterprise risk view
• Evaluate and challenge governance processes to ensure consistency, scalability, automation, and sustainability
• Drive standardization of governance practices across disparate technology teams and domains.
• Assess effectiveness of preventive vs. detective controls, continuous monitoring capabilities, and automated controls
• Influence leadership to strengthen risk ownership, accountability, and decision-making discipline
• Ensure governance routines satisfy regulatory, audit, and industry framework expectations

Core Competencies:

Technology & Cybersecurity Expertise

• Advanced knowledge of enterprise architectures, cloud platforms, data ecosystems, and technology cybersecurity domains (IAM, network, endpoint, application security).
• Ability to evaluate how technology design decisions impact risk exposure and control effectiveness
  

Risk Governance & Operating Model Design 

• Ability to assess complex and ambiguous scenarios and define governance approaches where precedents do not exist
• Proven ability to design end-to-end governance operating models, including roles, responsibilities, workflows, and accountability structures
• Expertise in embedding risk governance into core technology lifecycle processes (SDLC, DevSecOps, infrastructure provisioning)
• Solid capability to define risk appetite statements, tolerance levels, and action-trigger thresholds
• Understanding of tiered governance models (operational, tactical, executive-level oversight)
• Ability to align governance routines to business strategy and digital transformation initiatives

Stakeholder Influence & Executive Communication (ENHANCED)

• Ability to communicate complex technical risks in clear, business-relevant terms
• Solid executive presence with experience influencing senior leaders and driving behavioral change
• Capability to challenge constructively while maintaining solid partnerships
• Skilled in delivering impactful reporting, including risk narratives, dashboards, and escalation briefings
  

Regulatory & Industry Alignment

• Deep understanding of frameworks such as NIST CSF, ISO 27001, COBIT, SOX, FFIEC
• Ability to map governance routines to regulatory expectations and audit requirements
• Awareness of evolving cybersecurity regulations and supervisory expectations

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications: 

• Associate's degree (or higher) in Information Security, Risk Management, Business, or related field
• 10+ years in technology and information security with solid experience in risk governance, control assurance, and cybersecurity risk management
• 5+ years working across matrixed organizations with multiple stakeholders
• Demonstrated experience in:
  • Designing or maturing risk governance routines and frameworks
  • Defining risk metrics, thresholds, and escalation processes
  • Assessing control effectiveness at scale
• Experience in technology engineering, technology development, technology infrastructure or cybersecurity management

Preferred Qualifications: 

• Certifications: CISA, CRISC, CISSP, CISM
• Experience in large-scale governance transformation or audit modernization initiatives
• Exposure to cloud governance, AI risk frameworks, and DevSecOps environments

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $112,700 to $193,200 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.    

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.